SysAdmin

09/06/2010 - 19:03

When you log into a Linux box over ssh for the first time, the ssh client on the machine you are logging in from asks you to confirm the authenticity of the host key presented by that server.

Once you answer yes, that key is stored. Future login attempts to the same server check the key it presents against what is stored in the file:

~/.ssh/known_hosts

If they do not match, it may mean that someone is sitting in the middle of the connection trying to capture your password (a man-in-the-middle attack), so be careful when you see an alert like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:0b:18:56:b6:cd:12:10:32:cd:1d:a2:9a:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:3
RSA host key for server.mydomain.com has changed and you have requested strict checking.
Host key verification failed.

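
The only safe way out of that warning is to compare fingerprints. As an added example (not part of the original post), the script below reproduces how OpenSSH derives the fingerprint it prints, in both the legacy MD5 colon-separated form seen in the warning and the newer SHA256:base64 form, and looks up the stored entry for a host in a known_hosts file so the two can be compared. The known_hosts content and the key blobs are constructed for the example and are not real host keys.

```python
"""Compare an ssh host key fingerprint with the entry in known_hosts.

Added example (not from the original post). It reproduces the two
fingerprint formats OpenSSH prints: the legacy MD5 colon-separated hex
seen in the warning above, and the newer SHA256:base64 form.
"""
import base64
import hashlib


def _blob(text: str) -> str:
    """Base64 stand-in for a key blob. Constructed for the example: these
    are not real host keys, but fingerprinting only needs the decoded bytes."""
    return base64.b64encode(text.encode()).decode()


# Constructed known_hosts content (hostnames and IPs are from example ranges).
KNOWN_HOSTS = "\n".join([
    "# hashed entries (|1|...) cannot be matched by hostname and are skipped",
    "|1|AAAAAAAAAAAAAAAAAAAAAAAAAAA=|BBBBBBBBBBBBBBBBBBBBBBBBBBB= ssh-rsa " + _blob("hashed-entry"),
    "backup.mydomain.com,192.0.2.20 ssh-rsa " + _blob("constructed key for backup host"),
    "server.mydomain.com ssh-rsa " + _blob("constructed key for server.mydomain.com"),
    "",
])


def md5_fingerprint(key_b64: str) -> str:
    """Legacy OpenSSH fingerprint: MD5 of the decoded key, as hex pairs."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(key_b64: str) -> str:
    """Modern OpenSSH fingerprint: SHA256:<base64 without '=' padding>."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_host_entries(known_hosts: str, host: str):
    """Return (line_number, key_type, key_b64) for each plain entry naming host.
    Line numbers are 1-based, matching 'Offending key in ...known_hosts:3'."""
    found = []
    for lineno, line in enumerate(known_hosts.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("|1|"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        if host in fields[0].split(","):
            found.append((lineno, fields[1], fields[2]))
    return found


def normalize(fingerprint: str) -> str:
    """Accept 'MD5:AA:BB..', 'aa:bb..' or 'SHA256:..' as typed or read aloud."""
    fingerprint = fingerprint.strip()
    if fingerprint.upper().startswith("MD5:"):
        fingerprint = fingerprint[4:]
    return fingerprint if fingerprint.startswith("SHA256:") else fingerprint.lower()


def check_host_key(known_hosts: str, host: str, presented: str) -> str:
    """Classify the fingerprint the client reported for host.

    'unknown'     no entry yet (first connection: verify before answering yes)
    'match:N'     the key stored on line N has this fingerprint
    'MISMATCH:N'  line N holds a different key: a rotated server key, or a
                  man-in-the-middle; do not replace it until the new
                  fingerprint has been confirmed out of band
    """
    entries = find_host_entries(known_hosts, host)
    if not entries:
        return "unknown"
    wanted = normalize(presented)
    for lineno, _key_type, key_b64 in entries:
        if wanted in (md5_fingerprint(key_b64), sha256_fingerprint(key_b64)):
            return f"match:{lineno}"
    return "MISMATCH:" + ",".join(str(lineno) for lineno, _t, _k in entries)


if __name__ == "__main__":
    warned = "5c:0b:18:56:b6:cd:12:10:32:cd:1d:a2:9a:cd:e5:1c"  # from the warning above
    for lineno, key_type, key_b64 in find_host_entries(KNOWN_HOSTS, "server.mydomain.com"):
        print(f"line {lineno} {key_type} {md5_fingerprint(key_b64)} {sha256_fingerprint(key_b64)}")
    print(check_host_key(KNOWN_HOSTS, "server.mydomain.com", warned))
```

A changed key can be legitimate (the server was reinstalled or its host keys regenerated), so do not simply delete the offending line and reconnect. Have someone with console access run `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` on the server (add `-E md5` on newer OpenSSH, which prints SHA256 by default) and read the fingerprint to you over a channel that does not pass through the suspect network path. Only when it matches the fingerprint in the warning should you remove the old entry with `ssh-keygen -R server.mydomain.com` and accept the new key.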
09/02/2010 - 16:37

UUID stands for Universally Unique IDentifier, and on Linux it is used in /etc/fstab to identify the filesystems on each disk.

That way the order of the disks on the motherboard controllers (or a newly added disk) can change the kernel device names without affecting where each filesystem is mounted.

So it is a good idea to have fstab identify filesystems by UUID instead of by /dev/sdX device name. The UUIDs of the attached devices can be listed with blkid.
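
As an added example that is not part of the original post, the script below converts an fstab that still uses kernel device names into UUID= entries, taking the UUIDs from blkid output. The blkid output, the UUIDs and the fstab content are all constructed for the example.

```python
"""Rewrite /dev/... entries in fstab as UUID= entries.

Added example (not from the original post). It reads the UUID of each
block device from `blkid` output and replaces the device name in the
first fstab field. Entries already using UUID= or LABEL=, pseudo
filesystems such as proc, and devices blkid did not report are left
untouched; the unresolved devices are reported, so nothing is silently
broken.
"""
import re

# Constructed `blkid` output with made-up UUIDs (a GPT PARTUUID is included
# to show it is not mistaken for the filesystem UUID).
BLKID_OUTPUT = """\
/dev/sda1: UUID="1f2e3d4c-0000-4000-8000-aaaaaaaaaaaa" TYPE="ext4"
/dev/sda2: UUID="2a2b2c2d-0000-4000-8000-bbbbbbbbbbbb" TYPE="swap"
/dev/sdb1: LABEL="data" UUID="3c3d3e3f-0000-4000-8000-cccccccccccc" TYPE="xfs" PARTUUID="0a0b0c0d-01"
"""

# Constructed fstab that still uses kernel device names; /dev/sdc1 is a
# removable disk that was not plugged in when blkid ran.
FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
proc            /proc         proc   defaults          0 0
/dev/sda1       /             ext4   errors=remount-ro 0 1
/dev/sda2       none          swap   sw                0 0
/dev/sdb1       /srv/data     xfs    defaults          0 2
/dev/sdc1       /mnt/usb      vfat   noauto,user       0 0
UUID=deadbeef-0000-4000-8000-dddddddddddd /boot ext2 defaults 0 2
"""

# The word boundary before UUID= keeps PARTUUID= from matching.
BLKID_RE = re.compile(r'^(/dev/\S+):.*\bUUID="([^"]+)"')


def parse_blkid(output: str) -> dict:
    """Map device path -> filesystem UUID from `blkid` lines."""
    uuids = {}
    for line in output.splitlines():
        m = BLKID_RE.match(line)
        if m:
            uuids[m.group(1)] = m.group(2)
    return uuids


def convert_fstab(fstab: str, uuids: dict):
    """Return (rewritten fstab, devices that could not be resolved).

    Only the first field is changed, and only when it is a /dev/ path with a
    known UUID; comments, spacing and the other five fields are kept as is."""
    out, unresolved = [], []
    for line in fstab.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            device = fields[0]
            if device.startswith("/dev/"):
                if device in uuids:
                    line = line.replace(device, "UUID=" + uuids[device], 1)
                else:
                    unresolved.append(device)
        out.append(line)
    return "\n".join(out) + "\n", unresolved


if __name__ == "__main__":
    new_fstab, missing = convert_fstab(FSTAB, parse_blkid(BLKID_OUTPUT))
    print(new_fstab)
    for dev in missing:
        print(f"# WARNING: no UUID known for {dev}; entry left unchanged")
```

After writing the new fstab, run `mount -a` and check that every filesystem is mounted where you expect before rebooting: a wrong UUID in the root or /boot entry leaves the machine unbootable, and that is a mistake you want to catch while you still have a shell.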

05/07/2010 - 22:10

Running an FTP server usually brings some risks; in this how-to I will try to show you how to avoid some of them.
First, if you can avoid installing an FTP server, do it: usually it is not needed at all. You may think you need it because you have a web server and need to upload files to it, but you do not; you can use scp or sftp to upload your files.
An FTP server is really needed when you have files that non-technical users need to download, and you also need to allow those users to upload files to the server.
Some of the security issues you may have running an FTP server on a Linux operating system are:

  1. Users are commonly created as accounts in the system itself, thus also allowing them to log into the system.
  2. Passwords travel over the network in clear text, so they can be captured and then used to gain access to the system over ssh.

One way to overcome these issues is to install Pure-FTPd with support for virtual users and have them chrooted (jailed) to their home directories: virtual users exist only in the FTP server's own database, so a captured FTP password opens no shell on the box, and the chroot keeps each user from seeing anything outside their own directory.

04/26/2010 - 19:29

First let's define with the help of Wikipedia what a dictionary attack is:

In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.

A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words, for example a dictionary (hence the phrase dictionary attack) or a bible, etc. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries, or simple, easily-predicted variations on words, such as appending a digit.

So as you can see, we have two "types of brute force attacks": those that use a dictionary and those that do not. The technique shown here protects against both, because it limits how many connection attempts an address can make rather than caring which passwords are tried.

The technique uses iptables to block any IP address that exceeds a threshold of new connections within a given period of time.

I will show here some basic iptables rules to protect a web server from brute force attacks, but the example can be adapted to other services.
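
As an added example (not code from the original post), the script below implements the same counting rule in user space over web server access log lines: one sliding window per source address, and an address that makes more than `threshold` requests inside any `window_seconds` span is flagged. The iptables recent module applies the same rule in the kernel with `-m recent --update --seconds 60 --hitcount 20`; running the logic over a real access log first lets you pick a threshold that catches password guessing against a login URL without blocking an office full of legitimate users behind one NAT address. The log lines, addresses and the login path are constructed for the example.

```python
"""Sliding-window connection counter over web server access log lines.

Added example (not code from the original post). It applies, in user
space, the same rule the iptables recent module enforces in the kernel
with `-m recent --update --seconds N --hitcount M`: an address that makes
more than `threshold` requests inside any `window_seconds` span is
flagged, and an iptables command to drop it is produced.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/Nginx "combined" format; only address, timestamp and status are used.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:[^"\\]|\\.)*" (\d{3}) ')


def _log_line(ip, second, status=401, path="/wp-login.php"):
    """Constructed combined-format line, not from a real server."""
    return (f'{ip} - - [26/Apr/2010:19:{second // 60:02d}:{second % 60:02d} +0000] '
            f'"POST {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')


# Constructed sample: one address hammering a login URL every 2 seconds,
# one browsing normally every 20 seconds, and one unparseable line.
SAMPLE_LOG = (
    [_log_line("198.51.100.7", s) for s in range(0, 60, 2)]
    + [_log_line("203.0.113.5", s, 200, "/index.html") for s in range(0, 120, 20)]
    + ["garbage line that does not parse"]
)


def parse_line(line):
    """Return (ip, epoch_seconds, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), when.timestamp(), int(m.group(3))


def find_offenders(lines, window_seconds=60, threshold=20, only_status=None):
    """Return {ip: epoch_of_first_excess} for addresses exceeding the threshold.

    One deque of timestamps per address; entries older than the window are
    evicted as time advances, so len(deque) is the count inside the window.
    `only_status` (e.g. (401, 403)) counts only failed logins, which is
    what a brute-force rule for a login URL should watch."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[1])
    recent = defaultdict(deque)
    offenders = {}
    for ip, ts, status in events:
        if only_status and status not in only_status:
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] >= window_seconds:
            window.popleft()
        if len(window) > threshold and ip not in offenders:
            offenders[ip] = ts
    return offenders


def iptables_block_commands(offenders, port=80):
    """The commands an operator or cron job would run for the flagged addresses."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
            for ip in sorted(offenders)]


if __name__ == "__main__":
    hits = find_offenders(SAMPLE_LOG, window_seconds=60, threshold=20, only_status=(401, 403))
    for cmd in iptables_block_commands(hits):
        print(cmd)
```

Counting only 401/403 responses against the login URL is what separates an attacker from a busy but legitimate address; a plain connection counter, which is all a packet filter can see, will also trip on a proxy or NAT gateway, so set the iptables threshold from what this kind of analysis shows for your real traffic rather than from a guess.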

04/12/2010 - 23:19

If you need to debug, or for any other reason want to log every query your DNS server receives, you can turn query logging on.

We will use rndc to achieve this.

First we need to configure both rndc and BIND, since rndc talks to named over a channel protected by a shared key.

Fortunately BIND ships with a handy tool, rndc-confgen, that shows us how to configure both rndc and BIND easily.

04/11/2010 - 19:51

The jobs command lists the jobs (running, stopped, foreground and background) started from the current shell session.

Syntax

jobs [options]

The options are:

  • -l: Report the process ID of each job in addition to the normal information.

  • -n: Display only jobs that have stopped or exited since the user was last notified of their status.

  • -p

04/10/2010 - 00:17

Backups are one of the most important tasks a Linux System Administrator has to perform.

From Wikipedia:

In information technology, a backup or the process of backing up refers to making copies of data so that these additional copies may be used to restore the original after a data loss event. These additional copies are typically called "backups." The verb is back up in two words, whereas the noun is backup (often used like an adjective in compound nouns).

Backups are useful primarily for two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to restore small numbers of files after they have been accidentally deleted or corrupted. Data loss is also very common. 66% of internet users have suffered from serious data loss.

Since a backup system contains at least one copy of all data worth saving, the data storage requirements are considerable. Organizing this storage space and managing the backup process is a complicated undertaking. A data repository model can be used to provide structure to the storage. In the modern era of computing there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.

04/10/2010 - 09:29

When you run a web server, whether Apache, Nginx or Lighttpd, you may want to know how it performs under load.

Any web server can usually handle a normal day's traffic, but what happens when the server under your administration gets picked up by StumbleUpon, or appears on the Slashdot or Digg front page? Nowadays even Twitter can drive a lot of traffic to a web page.

When that happens your server will be under real stress, and that is the day you want it to perform well and survive the "attack".

You usually cannot know how it will do until D-Day arrives, but you can get a good idea beforehand by load-testing it.

We will use ab, the Apache HTTP server benchmarking tool, which ships with Apache.

04/09/2010 - 09:58

Continuing with "Add second IP Ubuntu", now let's see how to do it on Arch Linux.

First edit the file rc.conf (I like the way Arch Linux is so simple).

You have these options:

04/07/2010 - 16:51

Log files are important when debugging, or just to check how a system is performing. We usually use cat to list a log on the screen, but if we want a live view of the log file as lines are appended, the command is:

tail -f /var/log/logfile.log

If the log is rotated while you are watching, tail -F (capital F) reopens the new file under the same name, whereas tail -f keeps following the old, now renamed, file and goes quiet.